A Public Web of Trust of Public Identities
In the world of people's public actions, privacy is not the name of the game, it is instead a well-known single public identity. - Tim Berners-Lee
Following Tim Berners-Lee design issue of a public identity we are investigating ways, not only for a person to manage and maintain both his private and public credentials, but also to obtain trust over his public identity. Such trust will have many benefits, including:
- As Berners-Lee suggests, public figures would like to make sure that their public activity is clearly associated with them and no one else.
- At least minimal trusted publicity is required to help reduce fake identities (sybils) and their impact on social networks
- It enables democratic processes, specifically voting, in a fully decentralized and distributed way based on self sovereign identities.
We start by mathematically define the concepts of a public identity and a public web of trust1. Let be a set of people and a set of attributes which are predicates over people. For each and , if the predicate holds for the person . A profile is a finite set of attributes .
Let be a set of public identities with profile attributes in . A trust edge over is a directed edge , and . The trust edge is called truthful if is true of and an attack edge otherwise. A public web of trust over , also called a trust graph, is a graph with a set of trust edges over .
DID implementation of a public web of trust
Next we describe an implementation of a public identity and a public web of trust, using the DID specification and the Verifiable Credentials specification. As DID supports privacy, but does not require it, most of the implementation is straight forward. A DID document can hold multiple public keys and can describe separate keys for authentication Vs. authorization. As long as all these keys are bounded together in a single public DID document, they can be regarded as synonyms for the one public key that identifies a public identity. A DID document can point to a verifiable credentials service that can expose the owner's attributes, whether cryptographycally encoded or not. Attributes can be attested by 3rd parties, or self attested by the owner on himself. A DID document with an accompanied verifiable credentials storage can therefor serve as a public identity as defined above.
To create a public web of trust we use a second verifiable credentials service, with our own defined context, defining a single field for the claim called 'trustedAttributes'. The 'id' field for this claim is the DID of the trusted person and the 'issuer' of this verifiable claim is the trusting person. See the image below for an example. A digital signature of the trusted claim, signed by the issuer, can prove the validity of the trust claim. Such a verifiable claim can serve as a trust edge as defined above, revealing only ids of the trusting person, the trusted person and his trusted claim. Storing all such trusted edges for a given community in a single service point can provide a complete trust graph for that community, as defined above.
The e-Democracy group in the computer science department of the Weizmann institute of science, led by Prof. Udi Shapiro is investigating the computational foundations for e-Democracy. Towards this goal we add the following definitions1:
- honest if its profile is true of its owner, . Otherwise, is sybil.
- unique if it is the sole public identity owned by its owner, . Otherwise, is non-unique.
- fake, transparent, or opaque if its public profile is so, respectively.
We expect an e-democracy to strive that its public identities be honest and transparent. To achieve this we use graph conductivity to analyze a trust graph and bound the number of sybils in a graph. A public web of trust as proposed here can serve as such a graph and hence enables the identification and eradication of sybils in a community based on self sovereign identities. Some relevant preliminary results can be found here. Abstracts of ongoing research can be found here.
1: Poupko, O and Shapiro, E, A Public Web of Trust of Public Identities: Supporting Sybil-Resilient e-Community Building. In preparation, https://www.dropbox.com/s/lahp4shi2edstn4/public-web-trust.pdf?dl=0, 2018.